Permissions of tomcat-users.xml

Marc aurel42 at
Thu Jul 26 11:46:18 UTC 2007

Hi there,

I noticed that, on a standard installation of tomcat5.5 on Debian/etch
(last checked with 5.5.20-2), /var/lib/tomcat5.5/conf/tomcat-users.xml
is world-readable (644). I think that's a security problem and tomcat
seems to work fine when the file is chmodded to 400.

Should I file a bug report on this?

Thanks for your advice,

The NSA is now funding research not only in cryptography, but in all
areas of advanced mathematics. If you'd like a circular describing these
new research opportunities, just pick up your phone, call your mother,
and ask for one.

More information about the pkg-java-maintainers mailing list